Something Smells Phishy To Me…

++++++++++++++++++++++++++++++++++++++++++

From: survey@bankofhanover.com
Reply-to: do-not-reply@bankofhanover.com
Sent: 8/7/2008 3:53:55 A.M. Central Daylight Time
Subj: Bank of Hanover Online Survey ID : XZURGKDHEF

 
Congratulations!
Dear Customer,

You’ve been selected to take part in our quick and easy 9 questions survey In return we will credit $90.00 to your account - Just for your time!

Please spare two minutes of your time and take part in our online survey so we can improve our services.
Don’t miss this chance to change something.

To access the form please copy/paste the link below in your browser (or click the link):

avamehr.com:81/bankofhanover/survey/survey.php

Founded in 1835, Bank of Hanover is dedicated to building strong relationships with families, individuals and businesses within the communities we serve, everyday.

We pride ourselves in offering superior customer service with a personalized touch.
© Copyright 2008 Bank of Hanover is an affiliate of Sterling Financial Corporation which merged with The PNC Financial Services Group, Inc.
(NYSE:PNC) on April 4, 2008. All rights reserved.

Links to third-party sites are provided for your convenience.

Such sites may not follow the same privacy or security standards as ours. We do not endorse, approve, or control those sites.
Note:
* If you received this message in your SPAM/BULK folder, that is because  of the restrictions implemented by your ISP
* For security reasons, we will record your ip address, the date and time.
* Deliberate wrong imputs are criminally pursued and indicted.

Survey ID :

FJGIJTGHKGPTKPTGOGHXBLPBQQJYRVFMRTLOLE
++++++++++++++++++++++++++++++++++++++++++

Investigator Notes:

1.  The email was sent without a “To” field so that additional recipients could not be identified.  Most legitimate emails to account holders and customers are sent directly to the recipient’s email address and are often personalized with the account holder’s name in the email.

2.  The included link:

avamehr.com:81/bankofhanover/survey/survey.php

points to a website which is obviously not a Bank of Hanover website.  This entire email was a very amateur attempt.

3.  Bank accounts are the most desireable accounts to phishermen.  Extra precaution should always be taken when receiving suspicious emails ragarding bank accounts.

4.  Spelling and/or grammatical errors.  Layout problems.

++++++++++++++++++++++++++++++++++++++++++

From: security.alert@colonial.com
Sent: 8/8/2008 7:52:04 P.M. Central Daylight Time
Subj: Important Security Alert!!!

Dear Customer,

During Our Security Maintenance and SSL Secure Servers Upgrade, Our technical services team noticed a slight error on your personal information. This might be due to either of the following reasons :

1) A recent change in your personal information.

2) Your Account has been accessed from a Foreign IP.

3) Submitting invalid information during initial sign in process.

Due to this, you are requested to Update and Verify your information by following the link below.

To get started, please click the link below:

colonialbank.com/
*Important*

We have asked few additional information which is going to be the part of secure login process. These additional information will be asked during your future login security so, please provide all these info completely and correctly otherwise due to security reasons we may have to close your account temporarily.

We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Colonial Bank Customers Support Service.
++++++++++++++++++++++++++++++++++++++++++

Investigator Notes:

1.  The email was sent without a “To” field so that additional recipients could not be identified.  Most legitimate emails to account holders and customers are sent directly to the recipient’s email address and are often personalized with the account holder’s name in the email.

2.  The included link, colonialbank.com, points to a URL which is obviously not a Colonial Bank website:

sign-art.co.kr/board/data/new3/col.html

It should be noted that this was one of the best “knock-off” websites that I have seen to date.  All links point to Colonial Bank’s actual website with the exception of the Username and Password Login form.  Once login information is entered the visitor is taken to an “identitiy confirmation” page where the scammers also attempt to get answers to common security questions.  This South Korea based fake website is one of the longer-lived ones I’ve come across, too, having been online now for several days.

3.  Bank accounts are the most desireable accounts to phishermen.  Extra precaution should always be taken when receiving suspicious emails ragarding bank accounts.

4.  Spelling and/or grammatical errors.